Finnish biometric identity plans for seamless air travel

Finnair and Finavia explore options for automatic digital identification and authentication of air travellers

Working on the assumption that air travel will continue to grow in the future, two Finnish organisations have carried out exploratory investigations into the possibility of simplifying the identification and authentication of passengers, for air travel in Finland and potentially elsewhere.

Finavia, formerly known as the Finnish Civil Aviation Administration, is the Finnish government organisation responsible for overseeing air travel within, to and from Finland’s 21 airports. Working with Finnair, the Helsinki-based flag carrier and largest Finnish airline, Finavia ran a pilot trial earlier this year to determine the feasibility of certain new approaches to simplifying passenger identification.

The two organisations worked with a digital identity pilot initiative called Sandbox of Trust, which is aiming to create SisuID, which acts as a portal or aggregator to a variety of different identity documents.

Using facial recognition, this potentially means that travellers need never show their identity documents throughout the entirety of their journey, with facial recognition providing authentication every step of the way. Crucially, it’s the user who decides which ID information is shared through SisuID.

An earlier study from the International Air Transport Association (IATA) found that 45% of passengers, mainly in the younger generations, are open to using biometric identification for the entire duration of their travel.

According to Jouni Naskali, head of technology and cyber security at Finnair: “As the number of air travellers grows, the industry must find solutions for improving the current processes, and passenger identification is one of the most repetitive, time consuming processes at the airport. Biometrics has potential for enhancing this process, and Finnair actively explores with different stakeholders how the travel experience could be made more future proof, convenient and secure for our customers.”

Finnair and Finavia recognised the importance of placing the passenger at the centre of the process, especially when it comes to matters such as privacy, data security and consent. For example, from a practical and legal perspective, who would be responsible for the biometric data at each stage of the authorisation process?

Read more about biometric ID

  • Eash Sundaram, chief digital and technology officer at JetBlue Airways, explains how the company’s biometrics initiative is aimed at enhancing customer experience and enabling “frictionless travel.”
  •  TSB is integrating technology into its banking app that will allow people to open accounts via a selfie
  • Biometric and blockchain technologies are being used in tandem to provide ID verification at Saudi Arabian cash machines.

Heikki Koski, chief digital officer of Finavia and vice-president of Helsinki Airport, said: “We are seeking a model which would benefit passengers most. A solution where the data controller would be a digital identity platform provider utilising MyData principles would be ideal as it would expand the use of digital identity outside Finavia airports.

“In 2017, we carried out a small-scale test of a biometric identification together with Finnair,” said Koski. “The results we got were positive. As many as 30 out of 37 interviewed passengers replied that they would join further pilots or implementations. The rest said they might join. No one stated that they would not join in future.”

The 2019 pilot determined that fully biometric authentication could significantly improve passenger flow and also the subjective travel experience for people flying within Finland. However, no customers were involved in the pilot, which was more a proof of concept project to identify pros and cons of the proposal.

Naskali at Finnair said: “In 2019 we engaged in SisuID piloting together with Finavia, and the focus in this project was in understanding technical and passenger flow implications in biometric enabled passenger process. We are also taking part in the biometric boarding at Los Angeles airport as of last summer, and in 2017 we conducted a proof of concept pilot with facial recognition technology in identifying Finnair frequent flyers at Helsinki Airport in collaboration with Finavia.”

So where does this leave the concept? As the pilot findings note, there are no technical or legal obstacles to implementing fully biometric authentication on a per-traveller level, at least within the Schengen area. That’s true even if using a mobile app with user registration.

However, it’s a different matter when it comes to actually scanning passengers as a group, especially if not all of them have consented to the use of biometrics. In other words, there’s a legal issue relating to the mass scanning of people who may have not signed up to the scheme.

Data protection

In accordance with GDPR and other data protection/privacy regulations, there’s also work to be done in deciding who controls and processes the data. This isn’t easy to resolve, since the data “belongs” to the user, at least in principle. There are also additional considerations when handling the data of passengers travelling outside the Schengen area.

In fact, privacy and data security, rather than technology, are likely to be the biggest stumbling blocks to applying the pilot on a large scale, which is partly why there’s currently no timetable for implementing seamless whole-journey biometric passenger authentication.

“The pilot we conducted together with Finnair was the very first steps,” said Finavia’s Koski. “The aim was to gather insights into biometric identification as a part of our aim to ease and smoothen air travelling with seamless and fast passenger processes. [...] There are still many open questions like privacy aspects.”

Finavia’s Naskali agreed: “The project we conducted with Finavia was a pilot where we gathered insight into technical and privacy aspects of deploying biometrics in travel, and at this stage we have no published plans for implementation of biometrics into our processes.”

In other words, more research is needed. Koski said in addition to privacy issues there are other legal topics that have to be investigated. “We need more information and data about how biometric systems change passenger flow and the airport operations.”

Naskali added: “A lot of work is needed to understand current legal and privacy requirements regarding biometrics data usage and user consent and Finnair is actively following many industry workgroups in relation to data security and privacy for these types of applications and the type of standards that should be used and developed.”

It will therefore still be some time before Finnish air passengers can stroll through an airport, their documents in their carry-on luggage, their phones in their pockets, being identified every step of the way by facial recognition, with no need to show ID cards, tickets or passports.

Read more on IT for transport and travel industry

Data Center
Data Management